Merge pull request #228 from ImMin5/feature-service-accont-auto-sync

Add plugin_options for trusted_account

src/spaceone/identity/manager/job_manager.py

@@ -24,13 +24,15 @@ def create_job(
             workspace_id: str,
             trusted_account_id: str,
             plugin_id: str,
+            options: dict,
     ) -> Job:
         data = {
             "resource_group": resource_group,
             "plugin_id": plugin_id,
             "trusted_account_id": trusted_account_id,
             "domain_id": domain_id,
             "workspace_id": workspace_id,
+            "options": options,
         }
         job_vo = self.job_model.create(data)
 
@@ -129,7 +131,7 @@ def change_error_status(
 
         job_vo.update(
             {
-                "status": "ERROR",
+                "status": "FAILED",
                 "error_message": error.message,
                 "finished_at": datetime.utcnow(),
             }

src/spaceone/identity/model/job/database.py

@@ -8,6 +8,7 @@ class Job(MongoModel):
         choices=("PENDING", "IN_PROGRESS", "FAILURE", "SUCCESS", "CANCELED"),
         default="PENDING",
     )
+    options = DictField(default=None, null=True)
     error_message = StringField(default=None, null=True)
     resource_group = StringField(max_length=40, choices=("DOMAIN", "WORKSPACE"))
     trusted_account_id = StringField(max_length=40)

src/spaceone/identity/model/job/response.py

@@ -13,6 +13,7 @@
 class JobResponse(BaseModel):
     job_id: Union[str, None] = None
     status: Union[Status, None] = None
+    options: Union[dict, None] = None
     error_message: Union[str, None] = None
     resource_group: Union[ResourceGroup, None] = None
     trusted_account_id: Union[str, None] = None

src/spaceone/identity/model/trusted_account/database.py

@@ -9,6 +9,7 @@ class TrustedAccount(MongoModel):
     provider = StringField(max_length=40)
     schedule = DictField(default=None, null=True)
     sync_options = DictField(default=None, null=True)
+    plugin_options = DictField(default=None, null=True)
     tags = DictField(default=None)
     secret_schema_id = StringField(max_length=40)
     trusted_secret_id = StringField(max_length=40)
@@ -23,6 +24,7 @@ class TrustedAccount(MongoModel):
             "data",
             "schedule",
             "sync_options",
+            "plugin_options",
             "tags",
             "secret_schema_id",
             "trusted_secret_id",

src/spaceone/identity/model/trusted_account/request.py

@@ -24,6 +24,7 @@ class TrustedAccountCreateRequest(BaseModel):
     secret_data: dict
     schedule: Union[dict, None] = None
     sync_options: Union[dict, None] = None
+    plugin_options: Union[dict, None] = None
     tags: Union[dict, None] = None
     resource_group: ResourceGroup
     workspace_id: Union[str, None] = None
@@ -36,6 +37,7 @@ class TrustedAccountUpdateRequest(BaseModel):
     data: Union[dict, None] = None
     schedule: Union[dict, None] = None
     sync_options: Union[dict, None] = None
+    plugin_options: Union[dict, None] = None
     tags: Union[dict, None] = None
     workspace_id: Union[str, None] = None
     domain_id: str

src/spaceone/identity/model/trusted_account/response.py

@@ -14,6 +14,7 @@ class TrustedAccountResponse(BaseModel):
     provider: Union[str, None] = None
     schedule: Union[dict, None] = None
     sync_options: Union[dict, None] = None
+    plugin_options: Union[dict, None] = None
     tags: Union[dict, None] = None
     secret_schema_id: Union[str, None] = None
     trusted_secret_id: Union[str, None] = None

src/spaceone/identity/service/job_service.py

@@ -192,6 +192,7 @@ def sync_service_accounts(self, params: dict) -> None:
                     'secret_data': 'dict',
                     'workspace_id': 'str',
                     'domain_id': 'str'
+                    'options': 'dict'
             }
         Returns:
             None:
@@ -218,6 +219,7 @@ def sync_service_accounts(self, params: dict) -> None:
 
         provider = provider_vo.provider
         sync_options = trusted_account_vo.sync_options or {}
+        plugin_options = trusted_account_vo.plugin_options or {}
 
         if self._is_job_failed(job_id, domain_id, job_vo.workspace_id):
             self.job_mgr.change_canceled_status(job_vo)
@@ -227,7 +229,9 @@ def sync_service_accounts(self, params: dict) -> None:
             synced_service_accounts = []
 
             try:
+                # Merge plugin options and trusted_account plugin options
                 options = plugin_info.get("options", {})
+                options.update(plugin_options)
                 schema_id = plugin_info.get("schema_id")
 
                 (
@@ -347,6 +351,7 @@ def created_service_account_job(
             workspace_id,
             trusted_account_id,
             plugin_id,
+            job_options
         )
 
         if self._check_duplicate_job(domain_id, trusted_account_id, job_vo):
@@ -362,6 +367,7 @@ def created_service_account_job(
                     "secret_data": trusted_secret_data,
                     "workspace_id": trusted_account_vo.workspace_id,
                     "domain_id": domain_id,
+                    "options": job_options,
                 }
             )
             try:
@@ -600,7 +606,7 @@ def _create_service_account(
                 "TRUSTING_SECRET",
             )
 
-            secret_mgr = SecretManager()
+            secret_mgr: SecretManager = self.locator.get_manager("SecretManager")
             create_secret_params = {
                 "name": f"{service_account_vo.service_account_id}-secret",
                 "data": secret_data,

src/spaceone/identity/service/trusted_account_service.py

@@ -37,7 +37,7 @@ def __init__(self, *args, **kwargs):
     )
     @convert_model
     def create(
-        self, params: TrustedAccountCreateRequest
+            self, params: TrustedAccountCreateRequest
     ) -> Union[TrustedAccountResponse, dict]:
         """create trusted account
 
@@ -50,6 +50,7 @@ def create(
                 'secret_data': 'dict',
                 'schedule': 'dict',
                 'sync_options': 'dict',
+                'plugin_options': 'dict',
                 'tags': 'dict',
                 'resource_group': 'str',        # required
                 'workspace_id': 'str',          # injected from auth
@@ -70,6 +71,11 @@ def create(
         else:
             params.workspace_id = "*"
 
+        # Check provider
+        if params.schedule or params.sync_options or params.plugin_options:
+            provider_vo = self.provider_mgr.get_provider(params.provider, params.domain_id)
+            self._check_provider_sync(provider_vo)
+
         # Check data by schema
         schema_mgr = SchemaManager()
         schema_mgr.validate_data_by_schema(
@@ -112,7 +118,7 @@ def create(
     )
     @convert_model
     def update(
-        self, params: TrustedAccountUpdateRequest
+            self, params: TrustedAccountUpdateRequest
     ) -> Union[TrustedAccountResponse, dict]:
         """update trusted account
 
@@ -121,6 +127,9 @@ def update(
                 'trusted_account_id': 'str',    # required
                 'name': 'str',
                 'data': 'dict',
+                'schedule': 'dict',
+                'sync_options': 'dict',
+                'plugin_options': 'dict',
                 'tags': 'dict',
                 'workspace_id': 'str',          # injected from auth
                 'domain_id': 'str'              # injected from auth (required)
@@ -144,6 +153,12 @@ def update(
                 params.data,
             )
 
+        if params.sync_options or params.schedule or params.plugin_options:
+            provider_vo = self.provider_mgr.get_provider(
+                trusted_account_vo.provider, params.domain_id
+            )
+            self._check_provider_sync(provider_vo)
+
         trusted_account_vo = self.trusted_account_mgr.update_trusted_account_by_vo(
             params.dict(exclude_unset=True), trusted_account_vo
         )
@@ -156,7 +171,7 @@ def update(
     )
     @convert_model
     def update_secret_data(
-        self, params: TrustedAccountUpdateSecretRequest
+            self, params: TrustedAccountUpdateSecretRequest
     ) -> Union[TrustedAccountResponse, dict]:
         """update trusted account secret data
 
@@ -268,7 +283,7 @@ def sync(self, params: TrustedAccountSyncRequest) -> Union[JobResponse, dict]:
     @change_value_by_rule("APPEND", "workspace_id", "*")
     @convert_model
     def get(
-        self, params: TrustedAccountGetRequest
+            self, params: TrustedAccountGetRequest
     ) -> Union[TrustedAccountResponse, dict]:
         """get trusted account
 
@@ -308,7 +323,7 @@ def get(
     @append_keyword_filter(["trusted_account_id", "name"])
     @convert_model
     def list(
-        self, params: TrustedAccountSearchQueryRequest
+            self, params: TrustedAccountSearchQueryRequest
     ) -> Union[TrustedAccountsResponse, dict]:
         """list trusted accounts
 
@@ -373,13 +388,7 @@ def stat(self, params: TrustedAccountStatQueryRequest) -> dict:
     @staticmethod
     def _check_provider_sync(provider_vo: Provider) -> None:
         options = provider_vo.options or {}
-        if not (
-            options.get("support_trusted_account") and options.get("support_auto_sync")
-        ):
-            raise ERROR_INVALID_PARAMETER(
-                key="provider.options", message="Sync options is disabled"
-            )
+        if not options.get("support_trusted_account") and options.get("support_auto_sync"):
+            raise ERROR_INVALID_PARAMETER(key="provider.options", message="Sync options is disabled")
         elif not provider_vo.plugin_info:
-            raise ERROR_INVALID_PARAMETER(
-                key="provider.plugin_info", message="Plugin info not found"
-            )
+            raise ERROR_INVALID_PARAMETER(key="provider.plugin_info", message="Plugin info not found")